]> git.ipfire.org Git - thirdparty/apache/httpd.git/commit
projects / thirdparty / apache / httpd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 56e0aae) | patch
Merge r1610501 from trunk:
authorJim Jagielski <jim@apache.org>
Thu, 17 Jul 2014 18:20:46 +0000 (18:20 +0000)
committerJim Jagielski <jim@apache.org>
Thu, 17 Jul 2014 18:20:46 +0000 (18:20 +0000)
commitcd3a22b771357b554448051feaa1a906b2bc0d50
tree0027962c673be3d8a97501692cd3cb3b9dbb5175tree | snapshot
parent56e0aae121ae891bcf43fdaf06780e25c3028857commit | diff
Merge r1610501 from trunk:

  *) SECURITY: CVE-2014-0118 (cve.mitre.org)
     mod_deflate: The DEFLATE input filter (inflates request bodies) now
     limits the length and compression ratio of inflated request bodies to avoid
     denial of sevice via highly compressed bodies.  See directives
     DeflateInflateLimitRequestBody, DeflateInflateRatioLimit,
     and DeflateInflateRatioBurst.

Thanks to Giancarlo Pellegrino and Davide Balzarotti for reporting the issue.

Submitted By: ylavic, covener
Reviewed By: jorton, covener, jim

Submitted by: covener
Reviewed/backported by: jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1611426 13f79535-47bb-0310-9956-ffa450edef68
CHANGES diff | blob | blame | history
STATUS diff | blob | blame | history
docs/manual/mod/mod_deflate.xml diff | blob | blame | history
modules/filters/mod_deflate.c diff | blob | blame | history
Mirror of https://github.com/apache/httpd.git